Solved

How to involve IP address and/or Mac address in NAT rule

Posted on 2004-10-06
1
217 Views
Last Modified: 2010-08-05
My server (Linux redhat) is providing NAT service to my LAN using this rule

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

eth0 is my LAN card interface
eth1 is the public LAN card interface

My question is how to provide NAT service only to one LAN workstation (192.168.0.8) and involve MAC address in this rule to avoid internal hackers using that IP.

Thanks to you all !
0
Comment
Question by:diordonez
1 Comment
 
LVL 12

Accepted Solution

by:
mburdick earned 250 total points
ID: 12243929
While you can accomplish what you want easily, you should be warned that you aren't adding much security to your network.

If a user is smart enough to hard-code an IP to get access, it's likely that they can also override the MAC on their NIC as well. And, your security controls still don't stop them.

A sample of an IPTABLES rule that allows you to integrate a source MAC is:

-A FORWARD -s 172.20.20.11  -i eth0 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question